Skip to content
This repository has been archived by the owner on Jan 24, 2024. It is now read-only.

v2.11.1.2-b2c38c: Optimize authorization by caching authorization results (#1999)
Compare
Choose a tag to compare
@streamnativebot streamnativebot released this 06 Jun 12:15
· 7 commits to master since this release
v2.11.1.2-b2c38c
9ab8411
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode. 
### Motivation

To follow Kafka's behavior, KoP also performs authorization for each
PRODUCE or FETCH request. If the custom authorization provider is slow
to authorize produce or consume permissions, the performance will be
impacted.

### Modifications

Introduce caches for authorization:
- PRODUCE: (topic, role) -> result
- FETCH: (topic, role, group) -> result;

Add `SlowAuthorizationTest` to verify the producer and consumer won't be
affected significantly by slow authorization.

Introduce two configs to configure the cache policy so that revoke
permission can work:
- kopAuthorizationCacheRefreshMs: the refresh timeout
- kopAuthorizationCacheMaxCountPerConnection: the max cache size
Assets 5
Loading